Logging with DD-WRT
From DD-WRT Wiki
DD-WRT uses the syslog and klog daemons to log system, kernel, and firewall events. This can be useful for troubleshooting purposes, or just to keep an eye on how your router/network is behaving.
Logging is probably disabled by default. To enable it:
- Enable Syslogd under the Services tab.
- If you wish to send logs to a remote system, enter the IP address of that machine which is also running a syslog utility (it needs an open network socket in order to accept logs being sent by the router).
- To log firewall events, go to the Security tab and enable the appropriate options under Log Management. (Note: this doesn't function in micro)
That's all there is to it. DD-WRT should now be logging...either locally to /tmp/var/log/messages, or remotely to the IP address you specified earlier.
 Recommended tools
Here are some utilities you may wish to check out if you're logging remotely:
Linux already has syslogd built in.
 Remote logging with Papertrail
Papertrail provides hosted log management, live in minutes. It's free of charge (if you do not need more than 100MB a month). Setup is easy with a just few of clicks. You can access and see your logs from anywhere in the world by visiting Papertrail web page.
Once you have a Papertrail account, the easiest way to setup the website logging in DD-WRT is to use the unique hostname and port that Papertrail provides to you for your account, and paste it into the Remote Server field.
- Go to the Settings tab in Papertrail
- Click Log Destinations tab
- Copy the url and port number provided (i.e. logs2.papertrailapp.com:xxxxx)
- Go to the Services tab in DD-WRT
- Enable Syslog on the Services tab
- Paste the url from step 3 into the Remote Server field for Syslog
- Apply changes, and your router will begin sending logs to the Papertrail website
 Remote logging with Logentries
Logentries is an easy-to-use, self-hosted log management and analytics service for teams of all sizes.
 Displaying logs in your web browser
create a symbolic link in /tmp/www
ln -s /tmp/var/log/messages /tmp/www/log.html
now go to:
(credits to kuthulu for that tip)
If you are on ddwrt v3.0 on a kernel 3.10 and above, you can see your logs by typing:
in your web browser (assuming 192.168.1.1 is IP of your ddwrt router)
 micro versions
Micro versions have a stripped down version of BusyBox, so it might not include the ln command used above. In that case, you can use a different method to view the logs from within your browser, shown below.
As noted in the Setup section, the logfile in micro currently does not show any firewall events, unfortunately.
 Saving the logfile across reboots
If you have some external storage such as a USB hard drive or SD/MMC card, you can probably use a CRON job and/or shutdown script to copy the logfile there.
Another option is to restart the syslog daemon, telling it to save the logfile in a new place. For example:
killall syslogd syslogd -L -s 8192 -O /opt/var/log/messages
#credits to frater for the commands
Note: If you choose to restart syslogd, you'll probably want to do it in a startup script.